The present invention relates in general to computerised systems for down-loading, or xe2x80x98browsingxe2x80x99, information stored in computer-readable form. More particularly, although not exclusively, the invention relates to a browser system for browsing information that contains mobile code retrievable from the World Wide Web.
The World Wide Web (Web) may be thought of as a global village where computers (hosts) are the buildings, and the worldwide computer network known as the Internet forms the streets. The computers have addresses (IP Addresses) consisting of four numbers separated by periods. Many hosts also have nicknames known as domain names. A Web site typically consists of a UNIX or Microsoft Windows based Web server, which runs on a host and xe2x80x98servesxe2x80x99 software or content to other computers accessing the Web site. A Web site is not a single application, but a system that provides access to applications and data stored on the host, as well as inside an organisation. A user utilises a Web xe2x80x98browserxe2x80x99 running on a client computer to access the software or content on the Web server.
FIG. 1 illustrates a client computer 100 executing a Web browser program 105 that is employed by a user to communicate over the Internet 110, in a special language called HyperText Transfer Protocol (HTTP) 115, with a host computer 120 executing a Web server program 125 to obtain data. Hereafter, the term xe2x80x98Web browserxe2x80x99 may be used interchangeably to describe a Web browser program or the program in execution on a computer, depending on the context. In the diagram, and in following diagrams, solid connection lines represent physical connections between hardware and broken connection lines represent logical connections between software processes. The most basic Web transaction involves the transmission of Web pages, written in HyperText Markup Language (HTML) from the Web server 125 to the Web browser 105. Upon request by the user at the Web browser 105, the Web server 125 translates the HTML-based Web page into HTTP and sends it over the Internet 110 for display as a Web page on the requesting browser 105. The Web browser 105 receives the HTTP-encoded Web page, translates the HTTP back into HTML and displays the page.
The concept of xe2x80x98mobile codexe2x80x99 has been developed to extend the functionality of the Web. Mobile code is typically code associated with a Web page which, when downloaded from a Web server, automatically executes within the environment of the requesting Web browser. In a simple form, mobile code can be used to enhance the graphical appearance of a Web page by, for example, implementing simple animation. It is envisaged, however, that mobile code will be used to implement many different and far more complex functions in future. A good example of one use for mobile code is to download transactional clients, which support specialised user interfaces, to support data transfer between client and server applications.
Commonly, mobile code is written in the Java programming language as a Java applet. Mobile code may also be written in other languages, such as defined in the ActiveX model. Both Java applets and ActiveX control functions can be embedded into a standard Web page. Therefore, the simple operation of downloading a Web page can also download and activate associated mobile code.
While mobile code can greatly extend the functionality of the Web, the same extended functionality, by its nature, leads to serious security issues.
Mobile code, and Web browsers that run mobile code, are developed according to rigid security guidelines which are intended to prevent the possibility that malicious users can use mobile code to cause harm to the computing environment surrounding a Web browser. However, there are already many documented flaws in the security measures, which can lead to devastating results. Typically, the party downloading xe2x80x98roguexe2x80x99 mobile code would be unaware of the damaging effect thereof until it was too late.
Some serious mobile code attacks known take advantage of bugs in the mobile code processing environment of the Web browser, which allow the mobile code to gain control over the operating system of the computing platform. From this position, the mobile code could cause damage such as deleting all files on the computer, or even launching attacks on other, networked computing platforms.
Other serious mobile code attacks are known as xe2x80x98social engineeringxe2x80x99 attacks. These attacks rely on tricking an unwary user by, for example, sending the user a xe2x80x98patchxe2x80x99 for the Web browser, and suggesting that the patch is to remedy a security flaw in the Web browser. The patch, instead of being one that remedies a security flaw, actually overwrites good code with code that creates a security flaw. There are many other ways of tricking unwary users in this way.
Web browsers, which can run mobile code, such as Netscape Navigator(trademark), typically include the option to xe2x80x98disablexe2x80x99 mobile code processing, thereby preventing the potential for any damage, even if mobile code is downloaded. Of course, this radical measure, whilst being very effective, also removes any benefit which can be obtained from genuine, safe mobile code.
It would therefore be desirable to have a system in which mobile code can be executed safely, while at the same time not allowing rogue mobile code to cause any damage to any system.
In accordance with a first aspect, the present invention provides a browser system, comprising a browser process configured to receive from a remote data source a resource incorporating mobile code and to process the mobile code to generate graphical output data; and
an interface process configured to provide a communications channel between the browser process and a remote display system to facilitate transfer of the graphical output data to the remote display system.
The term browser is commonly associated with complex and sophisticated programs such as Netscape Navigator(trademark) or Internet Explorer(trademark). These programs are well known. However, herein, the term browser is used more broadly to include any program or system which, when running, is able to receive a requested resource, for example a Web page, from a source such as a Web server connected via a communications network to the browser. Further, a browser according to the present invention can even receive unsolicited resources as a result of, for example, some form of xe2x80x98pushxe2x80x99 technology, which distributes resources or messages to registered subscribers.
The invention has the advantage that mobile code is processed in a secure environment, so that the client, which is apart from the environment, remains relatively safe from attack. The client only receives data from the browser to visualise the output of the processing of the mobile code on the browser. The client is, therefore, in effect able to access mobile code, and see the result of the processing of the mobile code, without being subjected to any threat from rogue mobile code.
In a preferred embodiment of the present invention, the browser system comprises a secure operating system, for example one which enforces Mandatory Access Control (MAC), such that mobile code and the browser are unable to damage the system running the browser, let alone the client.
While the invention, in general, aims to protect user systems from rogue mobile code, and from vulnerable browsers running rogue mobile code, embodiments which employ secure operating systems, such as those providing MAC, can be configured to also provide a high level of protection to the computer platform that supports the browser running the mobile code. Such systems consequently can provide even more protection to users"" systems, by greatly reducing the risk of mobile code reaching users"" systems, or other parts of the network, by some other route.
Other aspects and features of the invention are described and claimed hereafter.